
A comment/psa for those considering going from a PC to Apple
 
WYDave
Posted 12/18/2019 09:17 (#7915088 - in reply to #7914629)
Subject: RE: A comment/psa for those considering going from a PC to Apple


Wyoming

Hospitals often outsource their IT operations - there are several companies that specialize in running the managed Windows environments for hospitals and medical offices. Small, critical access hospitals might run their own Windows operations, but the two hospitals hit here in Wyoming are not really running their own servers. Most hospitals don't want to staff their own IT shop, so they outsource to a managed operations service for the backups, server capacity, updates/upgrades, back-end support, etc.

The problem for modern hospitals is that it isn't just their back-end billing operations or patient scheduling that are now tied to Windows. It's literally everything in the hospital. The IV pump in your room is connected to the hospital's wireless network. The vitals cart that takes your BP, pulse, temp, etc. is connected to the wireless network. Both communicate to a charting/EHR application on the Windows Server(s) to either put information into your chart, or take information off your Meds directives in the charting application. Updating Windows then becomes a major issue in that Microsoft tends to break interfaces and systems (mostly because their interfaces were designed incompetently in the first place) and when things "have to work" to continue patient care, updates become gated upon interoperability and uptime requirements - something that Microsoft has been completely incompetent at since, well, forever.

As a result, when these hospitals are hit with ransomware (or other attacks), they have to divert new patients to other hospitals. Here in Wyoming, we saw patients diverted (either by ambulance or by private vehicle) over 90 miles to nearby hospitals. Only the ERs would take in new patients, and when those patients had been stabilized, they'd be sent down the road to a hospital with working computers.

When I used to program mainframes, there would be times that I was working on systems that had been up for years without a reboot/IPL. They didn't need to be rebooted/IPL'ed to install new software, mostly because the size and complexity of the OS was minimized, reducing the code that needed hardware privilege(s) to function (much along the lines of what later became microkernel philosophy), and therefore most updates happened to services/software that was merely restarting a program. Microsoft has error upon error in their OS. Windows just has one kernel-level vulnerability after another that keeps getting found - and this is because Microsoft cannot engineer their way out of a damp paper bag.

You don't have to believe me. Here's a list of vulnerabilities found:

https://www.cvedetails.com/vulnerability-list.php?vendor_id=26&product_id=32238&version_id=&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&month=0&cweid=0&order=3&trc=1111&sha=41e451b72c2e412c0a1cb8cb1dcfee3d16d51c44
 
Now, for every vuln that has a potential of privilege elevation or code execution, if you want to run a really tight shop, you need to patch every one of those as quickly as possible after it is found. Look at how many there are, and how quickly they come, one right after another. Neither modern hospitals (with multiple devices tied to their Windows servers), nor their managed IT services, can keep up with that list of patches and test to keep everything connected to the servers running all the time - and trust me, all the attached devices need to run successfully and they all need to be tested. If there are errors that prevent a nurse from administering a med, the nurse will tell their nursing management, and you do not want to be the IT gnome taking a call from a nursing leader who has found issues where the IV pumps or other devices cannot talk to the server successfully - her wrath will make the ground itself wilt.

It's an absurd situation, and if I were tasked with fixing it, I think I'd start a consortium of health care IT shops, charge membership dues high enough to employ some competent people, and I'd start writing our own OS to support healthcare IT issues. Because sooner or later, someone is going to end up dead as a result of this reliance on Windows. Windows is a shambolic mess of an OS, created and supported by a company that specializes in selling applications that drag their OS sales along. 

BTW, I did not mention Linux. I said BSD - as in FreeBSD, NetBSD, OpenBSD. They're not the same as Linux.  Linux has a mentality of development that, in some ways, mirrors Microsoft - the Linux crowd wants to support as much new hardware as quickly as possible, often sacrificing stability for new features/hardware support.

The BSD Unixes, on the other hand, value stability and reliability much more - and as a result, they might not support new hardware as quickly, because they're going to take their time to get it right.  OpenBSD is the most secure of the bunch, and they value security and stability very highly.



Edited by WYDave 12/18/2019 09:33